The next time Windows is started, the infected KERNEL32.DLL infects some of its functions with the virus code. In total, 16 "KERNEL32" functions are infected:
open file
copy
delete
modify file settings etc.

To infect KERNEL32.DLL, the virus saves this file as KRIZED.TT6 and then modifies it. At the next system start, KERNEL32.DLL is replaced with KRIZED.TT6 by means of an entry made in WININIT.INI.

The virus also has a damage routine in its code: on December 25th, it crashes the CMOS memory, overwrites all files on the drive and tries to crash the Flash BIOS.